TDM Open Source Software Services

Moodle, Totara and Mahara eLearning Managed Hosting

Our cloud hosting environment is specifically designed to optimally host the platforms which we have worked with for over a decade. Our Moodle, Totara and Mahara hosting is resilient and flexible to suite your needs.


  • LAMP support (Linux, Apache/Tomcat, MySQL, PHP/Java)
  • Domain names and DNS
  • Maintenance and optimisation
  • Ongoing security maintenance, patches and updates as required
  • Daily backups and encrypted off-site backups
  • Secure file access (SSH & SFTP)
  • Availability and performance monitoring
  • Scalable storage packages
  • Server-side technical support includes specific server-side duties
  • SSL Certificates and secure access


  • We monitor, tune and scale the performance of your system
  • We take care of servers, operating systems, applications and databases
  • A system up to date with backups and upgrades
  • Robust and reliable hosting
  • Scalable service
  • Cost effective
  • Flexibility of Open Source
  • Open for Learners 24hrs, 7-days a week, 365-days a year


£1250 per instance per year

Service documents


G-Cloud 11

Service ID

7 7 8 2 9 3 7 0 0 5 7 2 4 6 1


TDM Open Source Software Services

Ian Hatton

0333 10 100 96

Service scope

Service constraints
From time to time it may be necessary to upgrade our infrastructure or your software, this will usually be done without service interruption, any at risk or maintenance periods will be communicated and agreed with the client in advance.
System requirements
  • Internet connectivity
  • Minimum browser requirements

User support

Email or online ticketing support
Email or online ticketing
Support response times
Office hours UK time 9am till 5pm weekdays.
• Immediate response for critical problems
• 4 hour response for non­-critical problems
Please use emergency contact number at all other times for immediate response.
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
Please refer to price list and SFIA pricing guide.
Support available to third parties

Onboarding and offboarding

Getting started
Onsite training, online training and user documentation is available before, during and after the on boarding phase.
Service documentation
End-of-contract data extraction
We can either transfer your data to your new provider / own systems or allow them access to retrieve the data from our systems depending on experience / compatibility. Alternatively we can provide your data in archived format via secure download or file transfer.
End-of-contract process
We are of the belief that we are only the custodians of your system and data, therefore you are free to leave and take your data at any point should you wish to do so (assuming any contractual / financial obligations have been met). We will never charge for off boarding your data.

Using the service

Web browser interface
Command line interface
Command line interface compatibility
Linux or Unix
Using the command line interface
Command line access will be granted upon request depending on requirements alternative options may be suggested.


Scaling available
Independence of resources
We have a variety of hosting options to suit your needs, we never overload our servers so always have ample capacity even at peak times.
Usage notifications
Usage reporting
  • Email
  • Other


Infrastructure or application metrics
Metrics types
  • CPU
  • Disk
  • Memory
  • Network
Reporting types
  • Regular reports
  • Reports on request


Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Rapidswitch Ltd.

Staff security

Staff security clearance
Other security clearance
Government security clearance

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least every 6 months
Penetration testing approach
Protecting data at rest
Physical access control, complying with another standard
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Backup and recovery

Backup and recovery
What’s backed up
  • Data files
  • Web files
  • Databases
  • Configuration files
  • Courses
Backup controls
Due to the extensive size of Moodle and Totara sites we will take an incremental backup. This means that the first backup taken will be a complete system backup and from this point onwards we will take a copy of any data that has changed.

Backups are stored in a day/week/month/year format which means we will always have a backup from the previous 7 days, 4 weeks and 12 months. Due to the dynamic nature of online learning it’s paramount to keep this data up to date with frequent backup intervals.
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Supplier controls the whole backup schedule
Backup recovery
Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
We expect 99.99% server up time.
Approach to resilience
Our servers are utilising a VMware vSphere (ESXi) 5.5 High availability configuration which will ensure that should the server fail for any reason the service will continue to run on a backup system until the problem is resolved. Should a server experience any difficulties all services will automatically be ported to another server in the cloud and will continue to run, this entire process is completed in seconds.
Outage reporting
Email alerts.
Web monitoring.

Identity and authentication

User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Access restrictions in management interfaces and support channels
Support contracts will be nominated by the client, these may have different roles which will be assigned using our support portal (i.e. invoicing, sales, services, support etc). Any requests arriving via other means which be checked against the information held on our systems, you may nominate new and remove users at any time during the contract.
Access restriction testing frequency
At least once a year
Management access authentication
Username or password
Devices users manage the service through
Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
Held by hosting provider
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications
  • ISO 9001: 2015 (held by hosting provider)
  • ISO 50001: 2011 Energy Management (held by hosting provider)
  • ISO 22301: 2012 (held by hosting provider)
  • ISO 9001 (TDM)
  • ISO 14001 (TDM)

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
Please refer to terms and conditions document.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Please refer to our Terms and conditions document
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Please refer to our Terms and conditions document
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Please refer to our Terms and conditions document
Incident management type
Supplier-defined controls
Incident management approach
Please refer to our Terms and conditions document

Secure development

Approach to secure software development best practice
Supplier-defined process

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Who implements virtualisation
Virtualisation technologies used
How shared infrastructure is kept separate
Users are hosted in individual virtual machines, there is no cross tenancy between VM's. Note that shared hosting customers will share the same VM but data and services are not shared between users.

Energy efficiency

Energy-efficient datacentres


£1250 per instance per year
Discount for educational organisations
Free trial available

Service documents

Return to top ↑